Grab the source and make it a project in my standard Umbraco 7.4.3
Fix up the web.config, UmbracoIdentityStartup.cs, set up models, views, controller.
Verify the standard create member / login works.
Observe that the create / login operations are actually using UmbracoIdentity code.
Here is where I started to do my customizations:
Create a CustomRoleProvider.
Modify Web.Config so that application uses custom role provider.
Check that in the back end that I am getting custom roles, yes.
Check that public access works with the member and custom roles, yes.
This is where things are confusing for me
What I would like is to use my own dll for Authentication.
I have a set of routines that operate against a custom Active Directory Lightweight Directory Service. If unfamiliar with AD LDS, then just consider it a webservice that accepts a username / password and returns whether that user is valid or not. I hope everyone agrees that in an abstract way, I could also be talking about verifying against some sort of custom database at this point as well.
So, from what I understand, the route for me to do this is as follows:
Modify 'UmbracoMembersUserStore.cs' - specifically, change the methods FindByIdAsync and FindByNameAsync, just to name two.
There are more methods in this user store, the idea is to make each one operate, as appropriate, against my custom physical store, if you will.
Looking at FindByNameAsync -- let's say I modify this code so that I accept a userName, but I return a user type from my custom user scheme. No, this is not correct, because at this point FindByNameAsync is expecting an Umbraco Member back.
I suppose I could do my AD LDS Authentication in this method, and if it passed, then allow the normal Umbraco Authorization chain. This feels like a hack.
So this is where I am stuck.
What I am trying to do at this point is make the UmbracoMembersUserStore work with my custom Authentication in the most correct way possible.
I have thought of / tried to make a custom User Manager, hoping that I could then use my own custom Member type, but I have not been successful at all doing that. Custom User Manager seems like it would better a thread on it's own.
Hi Bill,
Did you get solution for your problem? I am facing similar kind of problem. I am trying for LDAP Authentication for back office users. If user is authenticated with my AD service, i want to let that user log into Umbraco back office with restricted access as per the roles in AD. I am able to achieve this in Umbrao 7.2.8. But it seems little difficult with Umbraco 7.4.3.
Tejashri,
This might be stating the obvious, but from looking at the release notes from Umbraco 7.3.0, Feature U4-4808 describes that the custom back office authentication was changed to ASP.Net Identity.
The reason why I mention that is because I think that explains the difference between what you have working in the older version 7.2.8, and the version 7.4.3.
I got around integrating just the custom user store with the Umbraco Identity package.
What I did was fork the source. Meaning I copied the source code from the Umbraco Identity package and made the Umbraco Identity package a project in my solution. I had to figure out what the package was doing to the web.config, and other config changes and make them manually. Then, I modified source code files so that I am doing the authentication / authorization that I need. I still am using the Umbraco member, but just have adjustments to my Active Directory setup where appropriate.
UmbracoIdentity and Custom Authentication
I had a lot of trouble setting up a custom user store with the Umbraco Identity Package.
So the latest attempt goes something like this...
Fork the Umbraco Identity Project:
Verify the standard create member / login works. Observe that the create / login operations are actually using UmbracoIdentity code.
Here is where I started to do my customizations:
Check that in the back end that I am getting custom roles, yes. Check that public access works with the member and custom roles, yes.
This is where things are confusing for me
What I would like is to use my own dll for Authentication. I have a set of routines that operate against a custom Active Directory Lightweight Directory Service. If unfamiliar with AD LDS, then just consider it a webservice that accepts a username / password and returns whether that user is valid or not. I hope everyone agrees that in an abstract way, I could also be talking about verifying against some sort of custom database at this point as well.
So, from what I understand, the route for me to do this is as follows:
Looking at FindByNameAsync -- let's say I modify this code so that I accept a userName, but I return a user type from my custom user scheme. No, this is not correct, because at this point FindByNameAsync is expecting an Umbraco Member back.
I suppose I could do my AD LDS Authentication in this method, and if it passed, then allow the normal Umbraco Authorization chain. This feels like a hack.
So this is where I am stuck.
What I am trying to do at this point is make the UmbracoMembersUserStore work with my custom Authentication in the most correct way possible.
I have thought of / tried to make a custom User Manager, hoping that I could then use my own custom Member type, but I have not been successful at all doing that. Custom User Manager seems like it would better a thread on it's own.
Hi Bill,
Did you get solution for your problem? I am facing similar kind of problem. I am trying for LDAP Authentication for back office users. If user is authenticated with my AD service, i want to let that user log into Umbraco back office with restricted access as per the roles in AD. I am able to achieve this in Umbrao 7.2.8. But it seems little difficult with Umbraco 7.4.3.
Tejashri, This might be stating the obvious, but from looking at the release notes from Umbraco 7.3.0, Feature U4-4808 describes that the custom back office authentication was changed to ASP.Net Identity.
The reason why I mention that is because I think that explains the difference between what you have working in the older version 7.2.8, and the version 7.4.3.
In case you have not seen it U4-4808 references this document: https://our.umbraco.org/Documentation/Reference/Security/
I got around integrating just the custom user store with the Umbraco Identity package.
What I did was fork the source. Meaning I copied the source code from the Umbraco Identity package and made the Umbraco Identity package a project in my solution. I had to figure out what the package was doing to the web.config, and other config changes and make them manually. Then, I modified source code files so that I am doing the authentication / authorization that I need. I still am using the Umbraco member, but just have adjustments to my Active Directory setup where appropriate.
Hope that helps !!! Bill
Thanks a lot Bill. I will try this approach.
Tejashri,
About the same time as I was talking to you, I was talking to some other Umbraco people about Umbraco and ASP.Net Identity.
I think this post would be worth your time, as I reference another post by someone else that was really illuminating, imho.
https://our.umbraco.org/forum/using-umbraco-and-getting-started/77944-active-directory-and-umbraco-members
Bill
is working on a reply...